[wp-trac] [WordPress Trac] #18322: The Road to Magic Quotes Sanity

WordPress Trac noreply at wordpress.org
Thu Aug 22 21:28:03 UTC 2013


#18322: The Road to Magic Quotes Sanity
--------------------------+-----------------------------
 Reporter:  ryan          |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  General       |     Version:  3.2.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+-----------------------------

Comment (by rlange):

 addslashes()—called by add_magic_quotes(), which is itself called by
 wp_magic_quotes()—has the nasty side effect of silently converting
 integers to strings.

 This is most obvious when working with $_SERVER!['REQUEST_TIME'], which is
 an integer.

 I had written code outside of WordPress that attempts to parse the given
 value using strtotime() if it's a string, or accept it as a timestamp if
 it's an integer. Unfortunately, strtotime() doesn't parse timestamps that
 are strings. This code failed when used within a WordPress site.

 The workaround is simple enough, but I think this qualifies as unexpected
 behavior. A possible solution is for WordPress to check if the value is a
 string before applying addslashes().

--
Ticket URL: <http://core.trac.wordpress.org/ticket/18322#comment:26>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list